Withings processes your data to help you improve your health, while taking care of the health of your data.
As a data controller, Withings (Withings SA, 2 rue Maurice Hartmann, Issy-les-Moulineaux, 92130 France, email@example.com) is committed to giving the utmost attention to the security and protection of your privacy. Withings processes your personal data in compliance with applicable privacy and personal data laws according to the new European General Data Protection Regulation (GDPR) which entered into force on May 25th 2018.
In order to easily identify the personal data used in the different cases, each type of data is illustrated by a pictogram.
Depending on the Product used, the way you use it or the way you acquired it, some of the data below will be collected by Withings:
Identity data mean data which can directly identify you, such as your email address, birth date, usernames, names and surnames, phone number, delivery address.
Activity data vary depending on the Products used. They correspond to the measure of your physical activities, such as number of steps, distance travelled, number of swimming strokes, number of calories burned, type of activity, level of activity, and sport session time.
Physiological or health data mean data which correspond to a measurement of your physical features and your body activity. Depending on the Products used, it includes your weight, muscle, fat, water percentage, heart rate, blood pressure, electrocardiogram, heart sound, temperature, sleep cycles, snoring episodes.
Environmental data correspond to your environment or surroundings such as noise level, light level, temperature level, CO2 concentration, IP address and geo-location.
Technical data necessary for the use of the Products and Services, such as Wi-Fi network, technical logs, date of Product activation, battery measurement, manufacturing ID, debug technical information, and website cookies. Your bank details are processed when you purchase Products on our website. They are solely used for audit purposes and are not stored.
The data collected through the Products and Services of Withings is processed by Withings for the following specific purposes. Different purposes may apply simultaneously.
Providing Products and Services. Personal data processed by Withings are stored on your Withings account and accessible on the application. Personal data may be indicated as raw data (number of steps, weight, etc.), or as a result of specific processing (heart rate, respiration, movement which produces your sleep patterns, etc.).
Accounts. Use of our Products and Services requires the creation of a Health Mate account. This account also allows you to manage your content and preferences as well as measurements collected by the Products. More information on Health Mate online dashboards.
Communicating with you. When you contact our customer support department to solve a problem that you have reported, our team members may be required to process your personal data to help you. They will not be able to view your identified personal health data such as your weight or blood pressure without your consent.
Improving our Products and Services. We may use your anonymous personal data to improve our Products and Services, customers support, we may need to process certain data in order to correct or modify software settings. In addition, your health data might be anonymised, i.e not allowing to identify an individual or to be linked to an account and used by our teams at Withings Health Institute to conduct studies and analyses in the field of health, in order to advance scientific research.
All Products manufactured by Withings are connected objects that require the use of an iOS or Android device. The creation of a Withings account via a device is therefore a prerequisite for the installation of our Products.
Our Products work via a wireless connection (Wifi, Bluetooth, 3G/4G), allowing the configuration of the Product as well as the transmission and synchronization of the data collected with your Withings account. Some features are only accessible through the connection between your Product and the application. The personal data collected by the Products is stored and transmitted to our servers on your Withings account when you synchronize your Product with our mobile application, or when you connect your Product to your Wifi network. This synchronization on our servers located in France is necessary in order to allow:
the detection of anomalies on our Products, via the remote diagnostic service that you can use as part of customer service;
updating the software of our Products to fix bugs, add new features or apply changes made necessary by legal and regulatory evolutions in the field of data;
the backup of your data: in the event of loss or theft of an iOS or Android device on which our application is installed, you will be able to recover all your data;
the taking of measurements without being in the vicinity of your iOS or Android device on which our application is installed;
the Sharing of your data on several devices: you have access to your updated measurements via your personal Withings account, and on any device on which our application is installed.
For more information on how each of our Products works, we invite you to consult the corresponding user guide from our Help Center.
Your personal data will not be distributed, communicated, exchanged or transferred to third parties, on any medium whatsoever. Only the assumption of the purchase of Withings and its rights would allow the transmission of your data to the potential purchaser, who would in turn be bound by the same obligation to protect your data. In order to guarantee you high quality experience, we may disclose some data in very strictly defined cases.
International transfer of personal data. Our Services may be supplied thanks to hosting services provider located in France. Thus, your data may be transferred out of the country where you use our services, including countries out of the European Economic Area (EEA) that do not have specific laws for the protection of data. In these cases, we ensure the existence of a judicial ground during this transfer, as well as an adequate level of protection for your data, agreements approved by competent authorities, and by requiring the use of other measures allowing the protection of data.
Mandatory disclosure. We may be compelled by the law to disclose your personal data to some authorities or other third parties, such as the the law enforcement or legal authorities.
We make every effort to ensure the security of your personal data.
How do we ensure the respect of children's privacy? Withings' Products and Services are made for the general public.
How do we ensure the quality of your data? We recommend you to regularly log on your Withings account and confirm that your personal data are accurate and up-to-date. If you have a doubt on the accuracy of data, please inform us and we will implement means to correct or erase inaccurate data.
What action do we take to protect your personal data? The protection of your privacy and security is crucial in the way we create and supply our Products and Services. We apply our Policy through a selection of appropriate activities such as the proactive management of risks and the Privacy Guide. We take appropriate measures to guarantee online safety, physical safety, remove risks of data loss. We limit the access to our database to employees that have a justified need to access this information.
What are your rights? You can unsubscribe from marketing and ask that we stop processing your data for marketing means. We will still be able to send you security critical alerts. You also have a right of access, rectification and erasure on each of your personal data. We can help you access or suppress your personal data via your account or customer support department. You will find the procedures for exercising the right to the portability of your data in our Help Center, in the section "Import and export of data". If you wish to exercise your rights before Withings or object to a processing operation carried out by Withings, the requests must be sent to Withings, 2 rue Maurice Hartmann, 92130 Issy-les-Moulineaux, France, to the attention of our Personal Data Protection Officer, or by e-mail to firstname.lastname@example.org with proof of identity. In the event that you exercise your rights before our company, Withings will provide a copy of the personal data being processed and may require payment of a reasonable fee based on administrative costs for any excessive request from the user.
Complaint before the CNIL. In the event of a dispute, you also have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) whose registered office is located at 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 7.
In order for you to use our Products and Services, your data is stored until you request its deletion.
If you wish to delete your data and your account, please refer to our dedicated page accessible here.
In the event of a deletion request, all your data will be permanently deleted within 30 days of your request.
However, if you have deleted your Withings account and wish to use our Products and Services again, simply create a new account.
Updated on 03 Nov 2020.